Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
Remediation
References
https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9
https://security.netapp.com/advisory/ntap-20240808-0002/
Related Vulnerabilities
CVE-2022-36905 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin
CVE-2022-26112 Vulnerability in maven package org.apache.pinot:pinot-spi
CVE-2019-10361 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release
CVE-2019-17558 Vulnerability in maven package org.apache.solr:solr-velocity